Diceware passwords now need six random words to thwart hackers

Five isn't enough anymore because password cracking is frighteningly effective.

One of the best ways to create a random yet memorable password is to use "Diceware." This involves literally rolling dice and matching the resulting numbers to a list containing 7,776 English words, each identified by a five-digit number. Five Diceware words has long been thought to provide enough security for the average user.

A five-word Dice password could be something like "boseenricoglennlardheath" or "mastkeithhaagquirttulip."

Further Reading

But five words is no longer enough, Diceware creator Arnold Reinhold wrote earlier this month. Since creating Diceware in 1995 Reinhold had recommended at least six random words for people "with more stringent requirements and where the passphrase was being used directly to form a cryptographic key," but for average users he had said that five would do.

Now, for average users he recommends "a passphrase with six Diceware words, or five words with one extra character chosen and placed at random."

"I had previously written that longer Diceware passphrases might be vulnerable by about 2014," he wrote. "Well it's 2014. Today criminal gangs probably have access to more computing power then the NSA did when this page first appeared. So I am upping my passphrase length advice by one word."

If you have a five-word password today, adding a random character "will make your passphrase about a thousand time more difficult to crack. Adding a sixth word makes it 7776 times harder."

Even a GPU cluster from December 2012 could, depending on the cryptographic hashing algorithm used to protect plain-text passwords, cycle through 350 billion guesses per second. Referring to that project, Reinhold wrote, "They claim they can crack a random 8-character password in under six hours. At that speed, attacking a 5-word Diceware passphrase would take on average of 7,300 hours or 10 months to find the correct passphrase, assuming they knew you were using Diceware and developed equally efficient software designed to try only valid Diceware words."

Further, he noted that "Criminal gangs have built botnets from thousands of computers infected with their malware. Marshaling large numbers of these computers they control might allow them to crack a five word passphrase in a reasonable amount of time." (Gosney's 25-GPU cluster attacked the NTLM cryptographic algorithm that Microsoft has included in every version of Windows since Server 2003. It's known to be much more vulnerable to cracking than other algorithms. Gosney's machine wouldn't perform as fast against PBKDF2, for instance.)

UPDATE: In a followup e-mail to Ars, Gosney noted that "The figures are based on a brute-force attack that targets a single hash. Due to the nature of GPU computing, attacks that combined multiple words are potentially much slower." At the moment, "Since there are no tools that currently combine three or more words, we don't really know for sure how much slower it would be."

In Reinhold's Diceware FAQ, he writes that "Six words may be breakable by an organization with a very large budget, such as a large country's security agency. Seven words and longer are unbreakable with any known technology, but may be within the range of large organizations by around 2030. Eight words should be completely secure through 2050."

Seven-word Diceware passwords should be considered today for some high-value systems, such as Bitcoin wallets, he wrote. "I do not claim to be an expert on Bitcoin, but some Internet searching suggests that many Bitcoin wallets do very little key stretching. That and the fact that wallets are often used to store large sums of money, make them a very attractive target," he wrote.

Remembering long passwords is hard, especially if you're trying to remember a lot of them. That's why security experts recommend using a password manager, which generates random passwords for websites you need to log into, requiring you to only remember one password to unlock the password management software. Diceware isn't the only method for creating a strong master password, but if it's the method you prefer, a five-word password is no longer recommended.